Tom Field writes:
What have been the biggest privacy issues of 2009, and what emerging trends should you watch heading into 2010?
We posed these questions to J. Trevor Hughes, Executive Director of the International Association of Privacy Professionals (IAPP). In an exclusive interview, Hughes discusses:
- The role of the IAPP;
- Key legislation in the U.S. and internationally;
- Where organizations need to improve privacy protection.
Hughes is an attorney specializing in e-commerce, privacy and technology law. In his role as Executive Director of the IAPP, Hughes leads the world’s largest association of privacy professionals.
Read the interview on GovInfoSecurity.com. Here’s a snippet:
FIELD: Now interesting that you mention public policy because one of the things that we have seen over the life of your organization is a number of individual states have an active privacy legislation, and then that number grows each year. There is a lot of discussion about privacy legislation nationally. What do you envision happening on the national scale, if anything?
HUGHES: It is difficult to predict what will happen, but I can certainly predict that something will happen. I think it is fair to say that privacy is an unsettled area of law, particularly in the United States. In other areas of the world, while not completely settled, there are broad-based privacy laws that at least attempt to apply to broad marketplace uses of data. We don’t have that in the United States. We have a more sectoral approach to privacy and that has opened the door for the states to be very active incubators on privacy laws.
A really good example of that is the entire class of privacy laws related to notice of security breach. That started in California in 2003, a Bill, FB1386, was our first notice of security breach law and that idea has really caught across the country. We now have over 45 state laws focusing on notice of security breach. There has been a significant federal debate as to whether we need a federal law that would pre-empt those state laws or supplement those state laws, and we have seen in some specific areas 00 healthcare, financial services — where notice of security breaches actually have been implemented at a federal level.
But as to a broad federal privacy bill, that is a really heavy lift, I think, for Congress. As we all know, Congress is a bit focused right now on the financial crisis and healthcare. So certainly through the remainder of 2009 I think it is unlikely that we would see broad-based privacy legislation in the United States emerge.
We may see bills emerge in areas related to online advertising or online privacy more broadly, and in 2010 I certainly think that the debate will occur. We know that there are hearings coming up just this week on privacy and those sorts of things, hearings, roundtables with the Federal Trade Commission — those will certainly be happening as well next year.
But as to whether we will see a national privacy legislation, I would have to say the crystal ball is pretty cloudy on that, and it is a little unclear whether something like that would actually gain traction.